On Wed, 10 Nov 2021 02:06:42 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> When set on the command line `jdk.serialFilter` to an invalid value, the
>> invalid value is logged but the application is allowed to start without
>> setting the filter.
>> This leaves the application without the protections of the serial filter.
>> The specification should be clarify that an `ExceptionInInitializerError` is
>> thrown when the `jdk.serialFilter` system property is set on the command
>> line to an invalid value.
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 528:
>
>> 526: * The filter is created as if {@link #createFilter(String)
>> createFilter} is called;
>> 527: * if the filter string is invalid, an {@link
>> ExceptionInInitializerError} is thrown.
>> 528: * Otherwise, the filter is not configured during initialization and
>
> Hello Roger, the new line looks good to me. However, with this new line now
> staying between the "If the Java virtual machine ..." and the "Otherwise,
> ..." lines, I had to re-read this "Otherwise, the filter is not ..." line a
> few times to see which "if" it corresponds to, because there's a "if the
> filter string is invalid" on the previous line.
> Do you think these lines might have to be rearranged?
Good suggestion, I'll take that up in a new issue related to incomplete
initialization.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6317
